<?

require_once(dirname(__FILE__) . '/../config.php');
require_once(APPLICATION_ROOT . "/db.php");
include(APPLICATION_ROOT . "/items.php");

# Sanitize the common inputs.
$input_id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_STRING);
$input_buyer = filter_input(INPUT_GET, 'buyer', FILTER_SANITIZE_STRING);

# Expiring redirect!
# needs $_GET['id'] AND $_GET['buyer']

if ((!$input_id) OR (!$input_buyer)) {
	die("File not found.");
}

$sql = new mod_db();
$sql->connection();

$id = mysql_escape_string($input_buyer);
$itemid = mysql_escape_string($input_id);

$query = $sql->query("SELECT * FROM " . BSDDS_PURCHASE_TABLE . " WHERE (buyer_id = '{$id}' AND itemID = '{$itemid'}) ORDER BY transactionID DESC");
$info = mysql_fetch_array($query);

# Cobble together the URL here.

$filename = $products[$info['itemID']]['filename'] . $products[$info[itemID]][trim($info[format])];

# echo $filename;

# die("TEST TEST TEST");

# echo $_SERVER['REDIRECT_URL'];

# echo $filename;


#$localFile = stripslashes(".." . $_SERVER['REDIRECT_URL']);
#$redirectURL = mysql_escape_string($_SERVER['REDIRECT_URL']);

$localFile = filter_var($filename, FILTER_SANITIZE_URL);
$redirectURL = mysql_escape_string($filename);

$remoteIP = filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_SANITIZE_URL);
$referer = filter_input(INPUT_SERVER, 'HTTP_REFERER', FILTER_SANITIZE_URL);

if (file_exists($localFile)) {	# File exists

	$IP = $remoteIP;

	if (time() < $info['time']+BSDDS_LINK_EXPIRY) { # Make secure URL.

		$pattern = "/\.(azw|epub|flac|htm|html|lit|mobi|mp3|ogg|opf|pdb|pdf|prc|rtf|txt|zip)$/";

		preg_match($pattern, $localFile, $matches, PREG_OFFSET_CAPTURE);

		switch ($matches[1][0]) {
			case 'azw':
						$contenttype = "application/vnd.amazon.ebook";
						break;
			case 'epub':
						$contenttype = "application/epub+zip";
						break;
			case 'flac':
						$contenttype = "audio/x-flac";
						break;
			case 'htm':
						$contenttype = "text/html";
						break;
			case 'html':
						$contenttype = "text/html";
						break;
			case 'lit':
						$contenttype = "application/x-ms-reader";
						break;
			case 'mobi':
						$contenttype = "application/x-mobipocket-ebook";
						break;
			case 'mp3':
						$contenttype = "audio/mpeg";
						break;
			case 'ogg':
						$contenttype = "audio/ogg";
						break;
			case 'opf':
						$contenttype = "application/oebps-package+xml";
						break;
			case 'pdb':
						$contenttype = "application/vnd.palm";
						break;
			case 'pdf':
						$contenttype = "application/pdf";
						break;
			case 'prc':
						$contenttype = "application/x-mobipocket-ebook";
						break;
			case 'rtf':
						$contenttype = "text/rtf";
						break;
			case 'txt':
						$contenttype = "text/plain";
						break;
			case 'zip':
						$contenttype = "application/zip";
						break;
			default:
						$contenttype = "application/octet-stream";
						break;
		}

		$handle = fopen("$localFile", "rb");
		header("Content-Type: $contenttype");
		header("Content-Length: " . filesize($localFile));
		fpassthru($handle);
		fclose($handle);
	} else {
		die(BSDDS_LINK_EXPIRED_MESSAGE);
	}
} else {
	# File does not exist.
	header('HTTP/1.0 404 Not Found');
	die("File not found.");
}

?>